Insights
Publications

Twists in the Plot: California AG Releases Final CCPA Regulations

August 27, 2020 Blog

With a little time to consider the finalized California Consumer Privacy Act regulations released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some thoughtful additional analysis) took place that led to some unexpected changes. The lion’s share of the regulation requirements have been discussed in depth, so let’s just focus on the following noteworthy changes:

  • Language for Do Not Sell Link. Prior versions enabled companies selling personal information to include a link reading “Do Not Sell My Info,” but that language is no longer acceptable and must instead read “Do Not Sell My Personal Information” as called for in the statute. (Section 999.305(b)(3))
  • Agent Verification. While requests to know and delete from an authorized agent of the data subject continue to require significant validation, where the authorized agent is merely making an opt-out request, a signed permission is sufficient verification. (Section 999.315(f))
  • Financial Incentive. The definition for “financial incentive” no longer includes payments/etc. in connection with the “retention” of personal information. Thus, in line with the statute, the requirements concerning financial incentives will not be broadened beyond those offered in connection with the “collection, deletion, or sale” of personal information. (Section 999.301(j))
  • Offline Notice. The final regulations removed the requirement that a privacy notice be provided where the business interacts with consumers offline to collect information (e.g., through an in-store, handwritten e-mail sign-up list). Businesses will instead be able to provide the notice solely on the website. If the business does not have a website, though, it would of course need to provide the notice in connection with the collection of personal data. (Section 999.306(b))
  • Opt-Out Method. The AG had provided that the method of opt-out be “easy for consumers to execute” and “require minimal steps.” While an overly-complicated opt-out procedure will likely still be found to be noncompliant, the removal of this vague language will avoid some additional uncertainty. (Section 999.315)

These changes together signal the Attorney General’s acceptance that some of the steps it had previously taken to broaden the reach of the CCPA went too far, or that clarification was necessary. The enforcement of the regulations, which has begun, will need to play out before we can understand them fully. But one thing we do know is that the regulations will be short-lived and will require significant overhaul if the California Privacy Rights Act of 2020 ballot initiative passes in November and becomes law in 2023. Stay tuned.

Firm Highlights

Publication

Electric Fence: Protecting Proprietary Rights in Collected Energy Data

Like companies in other industries, a growing number of modern energy-related companies are focusing their efforts on data collection and analysis. For example, Enphase – an energy technology company – regularly tracks data about how...

Read More
Publication

Undergoing Bankruptcy Proceedings? Here’s How to Make Sure PII Maintains Its Value

Due to the COVID-19 pandemic, some businesses are considering potential liquidation or restructuring through bankruptcy. Companies in this situation should keep privacy concerns in mind, because the handling of personal data in bankruptcy proceedings...

Read More
Publication

Three Steps Licensees Can Take to Protect Their IP Rights in Bankruptcy

During periods of widespread economic disruption such as the present, operating businesses must be able to identify and respond to threats to the financial health of their contracting counterparts in order to protect key...

Read More
Publication

Top 10 Practical Business Implications Arising From the Passage of the CPRA

California’s Proposition 24 passed as expected, and the new California Privacy Rights Act will change the privacy landscape created by the California Consumer Protection Act (CCPA), which went into effect only months ago. While...

Read More
News

Prop. 24 Passes: What Companies Need To Know About the New Privacy Law

Nate Garhart spoke to the San Francisco Business Times on the steps companies can take to prepare for the California Privacy Rights Act (CPRA). He noted that if the CPRA applies to your business, then...

Read More
Publication

Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras...

Read More
Publication

How Antitrust and Unfair Competition Laws Affect Platform Providers’ Relationships With ISVs, API Developers, and Scrapers

A wide variety of business and consumer platforms host mutually beneficial ecosystems. But these ecosystems are also fraught with antitrust risk that arises when platforms try to terminate or modify the terms of third-party...

Read More
Publication

Proposition 24: California’s Ever-Evolving Privacy Landscape

Next Tuesday is election day, and this year, California voters are deciding whether to support another statewide privacy initiative – the California Privacy Rights Act (CPRA) (Proposition 24).  This measure would expand on the...

Read More
Publication

Privacy During Bankruptcy Proceedings: Why It Matters

During these particularly trying times resulting from the COVID-19 pandemic, businesses of all sizes have been concerned about the future. As a result, considering potential liquidation or restructuring through bankruptcy is inevitably starting to...

Read More
Publication

PSDcast – Is Energy Companies' Customer Data a Trade Secret?

We often focus on the privacy issues involved in data collection – and they are critically important – while neglecting the idea of data as a tangible and valuable resource (and how to protect...

Read More